last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories | Regulatory Compliance - Audit and Accountability

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories
Id a96f743d-a195-420d-983a-08aa06bc441e
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Audit and Accountability control
Additional metadata Name/Id: ACF1118 / Microsoft Managed Control 1118
Category: Audit and Accountability
Title: Audit Review, Analysis, And Reporting | Correlate Audit Repositories
Ownership: Customer, Microsoft
Description: The organization analyzes and correlates audit records across different repositories to gain organization-wide situational awareness.
Requirements: Due to the size and complexity of the Azure environment, Azure utilizes log event forwarding tools to record events across all Azure assets and utilizes monitoring tools to automatically correlate and analyze the events gathered by each logging tool. Log reviews cannot be conducted manually in the Azure environment due to the high volume of events. Instead, Azure implements automated methods to perform review, analysis, and reporting of logs. Azure implements tooling such as Azure Security Monitoring (ASM) and SCUBA to directly alert the appropriate personnel of security-relevant events in a variety of ways, including Service 360 (S360) notifications, Incident Management (IcM) tickets, and work items. These tools utilize audit policies and detections that report events to the Microsoft Operations Center (MOC), Security Response Team, and service teams as appropriate. The policies are tuned to alert on events of immediate concern.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC